Total
7225 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-53272 | | | 2025-06-27 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in opicron Image Cleanup allows Cross Site Request Forgery. This issue affects Image Cleanup: from n/a through 1.9.2. | |||||
CVE-2025-53270 | | | 2025-06-27 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Blend Media WordPress CTA allows Cross Site Request Forgery. This issue affects WordPress CTA: from n/a through 1.6.9. | |||||
CVE-2025-53262 | | | 2025-06-27 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in Writesonic Writesonic allows Cross Site Request Forgery. This issue affects Writesonic: from n/a through 1.0.4. | |||||
CVE-2025-53261 | | | 2025-06-27 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in macbookandrew WP YouTube Live allows Cross Site Request Forgery. This issue affects WP YouTube Live: from n/a through 1.10.0. | |||||
CVE-2025-53315 | | | 2025-06-27 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in alanft Relocate Upload allows Stored XSS. This issue affects Relocate Upload: from n/a through 0.24.1. | |||||
CVE-2025-53331 | | | 2025-06-27 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in samcharrington RSS Digest allows Stored XSS. This issue affects RSS Digest: from n/a through 1.5. | |||||
CVE-2025-53327 | | | 2025-06-27 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in rui_mashita Aioseo Multibyte Descriptions allows Cross Site Request Forgery. This issue affects Aioseo Multibyte Descriptions: from n/a through 0.0.6. | |||||
CVE-2025-53313 | | | 2025-06-27 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in plumwd Twitch TV Embed Suite allows Stored XSS. This issue affects Twitch TV Embed Suite: from n/a through 2.1.0. | |||||
CVE-2025-53314 | | | 2025-06-27 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in sh1zen WP Optimizer allows SQL Injection. This issue affects WP Optimizer: from n/a through 2.3.6. | |||||
CVE-2025-53269 | | | 2025-06-27 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in imw3 My Wp Brand allows Cross Site Request Forgery. This issue affects My Wp Brand: from n/a through 1.1.3. | |||||
CVE-2025-53329 | | | 2025-06-27 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in szajenw Spolecznosciowa 6 PL 2013 allows Stored XSS. This issue affects Spolecznosciowa 6 PL 2013: from n/a through 2.0.6. | |||||
CVE-2025-53338 | | | 2025-06-27 | N/A | N/A |
Cross-Site Request Forgery (CSRF) vulnerability in dor re.place allows Stored XSS. This issue affects re.place: from n/a through 0.2.1. | |||||
CVE-2025-6341 | 1 Fabian | 1 School Fees Payment System | 2025-06-26 | N/A | 4.3 MEDIUM |
A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-48497 | | | 2025-06-26 | N/A | N/A |
Cross-site request forgery vulnerability exists in iroha Board versions v0.10.12 and earlier. If a user accesses a specially crafted URL while being logged in to the affected product, arbitrary learning histories may be registered. | |||||
CVE-2018-14668 | 1 Clickhouse | 1 Clickhouse | 2025-06-25 | 6.8 MEDIUM | 8.8 HIGH |
In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cross Protocol Request Forgery Attacks. | |||||
CVE-2025-3687 | 1 Misstt123 | 1 Oasys | 2025-06-25 | N/A | 4.3 MEDIUM |
A vulnerability, which was classified as problematic, has been found in misstt123 oasys 1.0. Affected by this issue is some unknown functionality of the component Sticky Notes Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. | |||||
CVE-2025-50179 | | | 2025-06-25 | N/A | N/A |
Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a cross-site request forgery vulnerability in Tuleap Community Edition prior to version 16.8.99.1749830289 and Tuleap Enterprise Edition prior to version 16.9-1 to trick victims into changing the canned responses. Tuleap Community Edition 16.8.99.1749830289 and Tuleap Enterprise Edition 16.9-1 contain a patch for the issue. | |||||
CVE-2024-12224 | 1 Servo | 1 Idna | 2025-06-25 | N/A | 8.8 HIGH |
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname. | |||||
CVE-2025-48991 | | | 2025-06-25 | N/A | N/A |
Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a vulnerability present in Tuleap Community Edition prior to version 16.8.99.1748845907 and Tuleap Enterprise Edition prior to versions 16.8-3 and 16.7-5 to trick victims into changing the canned responses. Tuleap Community Edition 16.8.99.1748845907, Tuleap Enterprise Edition 16.8-3, and Tuleap Enterprise Edition 16.7-5 contain a fix for the vulnerability. | |||||
CVE-2024-9847 | 1 Flatpress | 1 Flatpress | 2025-06-24 | N/A | N/A |
FlatPress CMS version latest is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow an attacker to enable or disable plugins on behalf of a victim user. The attacker can craft a malicious link or script that, when clicked by an authenticated user, will send a request to the FlatPress CMS server to perform the desired action on behalf of the victim user. Since the request is authenticated, the server will process it as if it were initiated by the legitimate user, effectively allowing the attacker to perform unauthorized actions. This vulnerability is fixed in version 1.4.dev. |